The rapid acceleration of cloud adoption combined with the democratization of artificial intelligence tools has created a perfect storm for enterprise security, according to Chris Saunders, solutions engineering director at cloud security giant Wiz. Speaking at the Cloud Exchange 2026 conference, Saunders delivered a stark warning: the data threat surface is expanding faster than most organizations can comprehend, and shadow AI — the use of AI tools without IT department oversight — has emerged as the single most dangerous blind spot in corporate security architectures.
Drawing on Wiz's research across thousands of cloud environments globally, Saunders painted a picture of enterprises hemorrhaging sensitive data through unmonitored AI pipelines. 'We're not talking about sophisticated nation-state attacks here,' he emphasized. 'We're talking about marketing teams uploading customer databases to public AI models, engineers pasting proprietary code into coding assistants, and financial analysts feeding confidential projections into language models — all without any security review whatsoever.' The Cloud Exchange 2026 session, which drew over 3,000 virtual attendees from 47 countries, highlighted how the convergence of cloud computing and AI accessibility has fundamentally altered the cybersecurity landscape.
The Shadow AI Explosion: Why 2026 Is the Tipping Point
The term 'shadow AI' echoes the 'shadow IT' phenomenon of the early 2010s, when employees began using Dropbox, Google Drive, and other cloud storage services without corporate approval. But Saunders argues the AI variant is exponentially more dangerous. 'When someone uploaded a spreadsheet to Dropbox, the file itself was the asset. When someone uploads that same spreadsheet to an AI model, the data becomes part of the model's training corpus — it's irreversible, it's un-deletable, and it can resurface in unpredictable ways through model outputs,' he explained. This fundamental difference makes shadow AI a qualitatively different challenge from any previous security paradigm.
Three converging trends have pushed shadow AI to the top of the enterprise risk register in 2026. First, the sheer accessibility of consumer AI tools — OpenAI's ChatGPT, Google's Gemini, Anthropic's Claude, and dozens of specialized models — has made AI usage as commonplace as web search. Second, cloud providers have aggressively expanded their AI service portfolios; Amazon Web Services alone now offers over 40 distinct AI and machine learning services, up from just 12 in 2024. Third, competitive pressures are driving employees to seek productivity gains wherever possible, often bypassing slow-moving IT procurement processes. Saunders cited Wiz's internal research showing that the average enterprise has 157 AI models running in its cloud environment, with 68% of them unknown to the security team.
Real-World Breaches: When Shadow AI Goes Wrong
Saunders punctuated his presentation with several anonymized case studies from Wiz's incident response engagements. One particularly sobering example involved a US-based health insurance provider where an actuarial analyst uploaded 2.3 million policyholder records — including protected health information — to a commercial AI platform to optimize pricing algorithms. A vulnerability in the platform's API exposed the dataset, which subsequently appeared on dark web marketplaces. The resulting class-action lawsuit sought $380 million in damages. 'This isn't hypothetical,' Saunders stressed. 'This happened in 2025, and the company is still dealing with the fallout.'
In another case, engineers at a European automotive manufacturer used AI coding assistants to optimize proprietary battery technology algorithms. One of the tools they used had terms of service that permitted the vendor to incorporate uploaded code into its training datasets. Within months, elements of the company's four-year R&D investment in next-generation battery chemistry appeared in a competing product from a Chinese manufacturer. Saunders noted that these cases represent only the breaches that were detected and disclosed. 'Most organizations have no idea what data is flowing into which AI models. The actual number of shadow AI-related data leaks is likely ten times higher than what we see reported,' he said.
Wiz's Four-Phase Framework for AI Security Posture Management
Beyond identifying the problem, Saunders outlined a practical four-phase framework that Wiz has developed to help enterprises regain control over their AI footprint. Phase one — discovery — involves creating a complete inventory of all AI models, APIs, and data flows operating within the organization's cloud environment. 'You can't secure what you can't see,' Saunders said, noting that Wiz's AI Security Posture Management (AI-SPM) tool can automatically map an enterprise's entire AI attack surface within hours. The tool scans cloud configurations, API logs, and network traffic to identify both sanctioned and unsanctioned AI activity.
Phase two — classification — categorizes discovered AI tools based on risk level, considering factors such as data sensitivity, model provenance, and compliance requirements. Phase three — policy enforcement — implements automated guardrails that prevent sensitive data from flowing into unapproved AI models. This includes real-time blocking of API calls that attempt to send personally identifiable information (PII), protected health information (PHI), or intellectual property to external AI services. Phase four — continuous monitoring — recognizes that AI security is not a one-time exercise. 'AI models evolve, new tools emerge daily, and threat actors are constantly developing new attack vectors,' Saunders explained. 'Your security posture needs to be as dynamic as the threat landscape.'
Reimagining Zero Trust for the AI Era
A significant portion of Saunders' presentation focused on how the zero trust security model must evolve for the AI era. Traditional zero trust operates on the principle of 'never trust, always verify' for user access and network connections. In the AI context, Saunders argues this must become 'never trust any model, verify every data flow.' He explained: 'When an employee sends data to an AI model, you need to verify where that data will be stored, whether it will be used for model training, whether third parties will have access, and what the model's output retention policies are. Most organizations have none of these controls in place.'
API security emerged as a particular focus area in Saunders' framework. With over 70% of enterprise AI interactions occurring through APIs in 2026, each API call represents a potential data exfiltration point. Wiz's research indicates that 42% of AI-related APIs in enterprise cloud environments lack adequate authentication controls. 'That's the equivalent of leaving your bank vault door open and hoping no one notices,' Saunders remarked. He advocated for mandatory API gateways with AI-specific inspection capabilities that can analyze not just the authentication headers but the actual data payload being transmitted to external AI services.
The Regulatory Time Bomb: Compliance Risks of Uncontrolled AI
Saunders devoted considerable attention to the regulatory dimension of shadow AI, arguing that many organizations are unknowingly accumulating massive compliance liabilities. The European Union's AI Act, which came into full force in 2025, imposes penalties of up to 6% of global annual revenue for high-risk AI violations. 'A single employee using an unapproved AI tool to process customer data could trigger a regulatory investigation that costs your company hundreds of millions,' Saunders warned. He noted that the AI Act's extraterritorial reach means these penalties apply to any company processing EU citizen data, regardless of where the company is headquartered.
In the United States, the regulatory picture is more fragmented but equally challenging. While comprehensive federal AI legislation remains stalled in Congress, states including California, New York, and Illinois have enacted their own AI governance laws, creating a complex patchwork of requirements. Saunders cited a Wiz customer survey showing that 67% of IT leaders worry about regulatory non-compliance from shadow AI, but only 23% have tools to measure their exposure. 'That's a 44-point awareness-action gap,' he noted. 'Companies know they have a problem, but they lack the instrumentation to quantify and address it.' The survey also revealed that 58% of organizations had no AI-specific clauses in their cyber insurance policies as of early 2026.
The Booming AI Security Market: Investment Trends
The urgency of the shadow AI challenge is reflected in market numbers. Saunders shared data showing the global AI security market reached $48 billion in 2026, with projections exceeding $120 billion by 2028. Wiz itself has been a primary beneficiary of this growth, with annual recurring revenue surging from $1.2 billion in 2025 to $2.2 billion in the first half of 2026 — an 85% increase. 'AI security has moved from a nice-to-have to an existential imperative,' Saunders said. Major consulting firms' surveys indicate that 78% of CEOs now rank AI security among their top three risks, compared to just 32% in 2024.
However, Saunders cautioned that technology investment alone is insufficient. 'You can buy every AI security tool on the market, but if your employees don't understand the risks, you'll still have shadow AI,' he said. He advocated for a cultural transformation that makes secure AI usage the path of least resistance. 'Don't tell employees they can't use AI — they will anyway. Give them approved, secure alternatives that are actually better than the shadow tools they're currently using.' Wiz recommends creating an internal AI marketplace where employees can access pre-vetted, security-approved AI tools for common use cases, making compliance easier than circumvention.
The Next Frontier: AI-on-AI Attacks and Model Theft
Looking ahead, Saunders closed his Cloud Exchange 2026 presentation with predictions that left the audience visibly unsettled. He forecasted three major developments within the next 18 months. First, a new product category — the AI Security Broker — will emerge, analogous to the Cloud Access Security Brokers (CASBs) that appeared in 2015. These tools will sit between enterprises and AI services, inspecting and filtering all data flows in real time. Second, cyber insurance providers will begin adding 'shadow AI exclusions' to their policies, meaning losses from uncontrolled AI usage will not be covered — a development that Saunders said is already being discussed in Lloyd's of London underwriting circles.
The third and most alarming prediction involves the emergence of AI-versus-AI attacks. 'Before the end of 2026, we will see purpose-built AI models designed to attack other AI models — extracting training data, poisoning outputs, or stealing model architectures,' Saunders predicted. This concept, already termed 'model theft' in cybersecurity circles, represents an entirely new class of threats. Wiz's threat research team has already detected early examples of automated attacks targeting shadow AI deployments. Saunders concluded with a sobering assessment: 'Ignoring shadow AI in 2026 is not a security mistake — it's a strategic failure. The organizations that survive the next five years will be those that treat AI security as a board-level priority starting today.'
